* Make texlive untrusted
TeXLive updates their installer without changing its name. We've been
playing keep-up with them, but I'm proposing it's not worth it.
I seem to end up installing it '--no-checksum' anyway.
This commit updates the package to make that approach official,
removing the checksum, adding a note to the description and a bigger
note/comment inthe package body.
* Pull installer from stable source (packages are still *live*)
This pulls the installer script from the "historic" repository. It
appears to be stable, so that we can use a checksum with it (one
hopes, time will tell).
The installer still pulls the packages from the live repos so
installations aren't reproducible.
The repository used by the texlive installer defaults to a redirector
that sends one off to various URLs depending on <fill in the blank>.
This is problematic because all of the mirrors do not update in
synchrony and bad tarballs often hang around for a while.
This leads to problems that are particularly hard to diagnose because
you're likely to end up using a different repo the next time around.
This commit constraints the package to a particular, mainstream,
repository. It's not fast, but it's consistent and usually correct.
It also updates the installer digest, because no day is complete
without updating it at least (sigh) once.
* Update texlive digest value
While the discussion in #2494 progresses, this changes fixes the digest
values so that builds succeeed.
* Add warning that texlive is not repeatably installable
* November 1 seems to have brought a new texlive release, updating the
digest to match.
Also switching the url from their automagic mirror to an explicit
site to avoid inconsistencies during their updates.
It seems like only yesterday (#2073) that I updated this....
* Add comment to url warning about mirror updates
Add a comment to the download info warning to use a
specific site rather than the mirror, to avoid wobbles
during their asynchronous updates.
* Fix typo ('to no' -> 'do not')
